Proxy noob questions

Greetings dear community!

I need guidance on proxies on OpenWrt.

Hardware:

  • NETGEAR Nighthawk X4S R7800

Setup:

  • 4 wireless networks

Need:

  • Intercept HTTP and HTTPS network calls to 1 specific domain. Modify the response on the router before it reaches the client.

From reading OpenWrt's documentation, it seems privoxy and tinyproxy are the two lead contenders for my use case.

I have a few specific questions:

  • Is the proxy isolated to its network? In other words, will I need to have 4 proxy processes running, or can I have just one?
  • Should I worry about performance impact in this case?
  • Should I go for privoxy, tinyproxy, or anything else?

In principle, "HTTPS" and "modify the response" are incompatible terms... Can you install self-signed certificates on the clients?

1 Like

Ah right, makes sense.

I am able to install self-signed certificates on the clients, yes. I have full access to the clients.

squid (proxy) then is THE tool to do it, but not trivial, and will be even more difficult to run on OpenWrt. Probably privoxy is able to do it as well. Check this one out first.
Hopefully, you do not want to modify content for a domain using HSTS.

1 Like

Hmm, I checked the response headers, and it contains:

strict-transport-security: max-age=...

So I believe this means it uses HSTS?
Does it make it significantly more difficult to do what I want?

Actually, I see that privoxy does not support HTTP/2:

Privoxy currently doesn't parse HTTP/2

Many websites (including the ones I want to modify) actually run on HTTP/2, so privoxy seems to be a non-starter.

I see that HAProxy supports HTTP/3, so that might be a good candidate. Does anyone have feedback on HAProxy on OpenWrt? Is performance reasonable on an R7000?
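
On the `strict-transport-security: max-age=...` header quoted earlier in the thread: the following is an added example, not code from any poster here, that reads such a header value using the RFC 6797 rules (case-insensitive directive names, `max-age` required, duplicate directives invalidate the header). The function name `parse_hsts` and the sample header values are constructed for illustration.

```python
import re

# RFC 7230 "token" characters, used for directive names.
_TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")


def parse_hsts(value):
    """Parse a Strict-Transport-Security header value.

    Returns a dict describing the policy, or None when RFC 6797 says
    the browser must ignore the header (malformed, duplicate directive,
    missing or non-numeric max-age).
    """
    seen = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue  # the grammar tolerates empty directives (";;")
        name, sep, arg = part.partition("=")
        name, arg = name.strip().lower(), arg.strip()
        if not _TOKEN.match(name) or name in seen:
            return None  # bad directive name, or directive repeated
        if sep and len(arg) >= 2 and arg[0] == arg[-1] == '"':
            arg = arg[1:-1]  # max-age may be sent as a quoted-string
        seen[name] = arg if sep else None  # None marks "no value given"

    max_age = seen.get("max-age")
    if max_age is None or not re.fullmatch(r"[0-9]+", max_age):
        return None  # max-age is required and must be delta-seconds
    if seen.get("includesubdomains") is not None:
        return None  # includeSubDomains must not carry a value

    return {
        "max_age": int(max_age),
        # max-age=0 tells the browser to delete its stored policy.
        "active": int(max_age) > 0,
        "include_subdomains": "includesubdomains" in seen,
        # "preload" is not in RFC 6797; it is the preload-list opt-in token.
        "preload": "preload" in seen,
    }


if __name__ == "__main__":
    # Constructed sample values, not taken from the site in the thread.
    for sample in ("max-age=31536000; includeSubDomains; preload",
                   'MAX-AGE="600"', "max-age=0", "includeSubDomains"):
        print(repr(sample), "->", parse_hsts(sample))
```

While a policy is active the browser rewrites `http://` requests for that host to `https://` and treats any certificate error as fatal, with no click-through.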